-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"LDConfigSetSSLCertificateAuthority" and "LDConfigSetVerifyPeer" are not available from 3.0. #385
Comments
Hi @ngangomsamananda, you are correct, these are not available in the SDK at the moment. I have filed an internal feature request. Filed internally as 238927. |
@cwaldren-ld Thank you. |
Hi @ngangomsamananda , I cannot provide an estimate, but I will address it as soon as I am able. |
Hi @cwaldren-ld, is there any particular reason why |
Hi, please accept my apologies for slow response as I am out of the office.
I will prioritize this feature when I return next week.
…On Tue, Apr 16, 2024, 6:15 AM ngangomsamananda ***@***.***> wrote:
Hi @cwaldren-ld <https://github.com/cwaldren-ld>, is there any particular
reason why LDConfigSetSSLCertificateAuthority and LDConfigSetVerifyPeer
are not included in v3.x?
Could you please take up this issue on priority than the other tickets (
#392 <#392> and #394
<#394>) which I had
requested? We are not able to complete the sdk update because of these APIs.
—
Reply to this email directly, view it on GitHub
<#385 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWJYQJYILEDZXCXWRRCMBQTY5UI6LAVCNFSM6AAAAABFSVEJG2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANJYHE2DQMRYGM>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
@cwaldren-ld No worries. In one of the tickets, you had mentioned you will be out of office this week. I have added the comment so that you can have a look when you come back. |
Hi @ngangomsamananda , the reason these APIs were not included was because we didn't have a proven use-case for them. Since you have requested them, I have begun work here: #391 I will update you when the work is complete. |
@cwaldren-ld Thank you so much. |
Hi @ngangomsamananda , I apologize this is taking longer than expected. I am still working on it. The |
@cwaldren-ld Let me know when |
Hi @ngangomsamananda , we have released C++ Client v3.5.0 with support for disabling Peer Verification in TLS handshake. Here is a link to the docs. Example: // First, create a new TLS Config builder
LDClientHttpPropertiesTlsBuilder tls_builder = LDClientHttpPropertiesTlsBuilder_New();
// Disable peer verification
LDClientHttpPropertiesTlsBuilder_SkipVerifyPeer(tls_builder, true);
// Assuming you have an existing LDClientConfigBuilder
LDClientConfigBuilder_HttpProperties_Tls(config, tls_builder); Please note, the SDK will emit logs informing you that TLS peer verification is disabled, since it can be considered a security flaw in many scenarios. You can disregard the log message if you use this feature. |
@cwaldren-ld Thank you so much. I will check and let you know. |
Not normally. If you pass the TLS builder into the HttpPropertiesBuilder, there is no need to call If you do not pass it into the HttpPropertiesBuilder, then yes you must call Relevant part from the docs on
|
Hi @cwaldren-ld , till now the replacement for |
Hi @ngangomsamananda , please check out #409 branch ( // First, create a new TLS Config builder
LDClientHttpPropertiesTlsBuilder tls_builder = LDClientHttpPropertiesTlsBuilder_New();
// Set path to a custom CA file
LDClientHttpPropertiesTlsBuilder_CustomCAFile(tls_builder, "path/to/your/custom_ca.pem");
// Assuming you have an existing LDClientConfigBuilder
LDClientConfigBuilder_HttpProperties_Tls(config, tls_builder); If you are unable to test the branch, please wait for the upcoming release. |
@cwaldren-ld I will do the testing when it is release. Thanks for working on that API. |
Hi @ngangomsamananda , release is available here: https://github.com/launchdarkly/cpp-sdks/releases/tag/launchdarkly-cpp-client-v3.6.0 |
Hi @cwaldren-ld, thank you so much for providing the new API's in short time. |
Is your feature request related to a problem? Please describe.
We are updating client sdk from v2.5.2 to v3.4.0 (c binding) but the equivalent replacement of
LDConfigSetSSLCertificateAuthority
andLDConfigSetVerifyPeer
are not available.LDConfigSetSSLCertificateAuthority: Set the path to the SSL certificate bundle used for peer authentication.
LDConfigSetVerifyPeer : Set whether to verify the authenticity of the peer's certificate on network requests.
Describe the solution you'd like
Please provide the replacement for
LDConfigSetSSLCertificateAuthority
andLDConfigSetVerifyPeer
.Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context about the feature request here.
The text was updated successfully, but these errors were encountered: